学习2

// m1.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include"stdio.h"
#include <windows.h>
#include <tlhelp32.h>
#include"tlhelp32.h"

void shutdown()
{
// 以下为提权函数，使其用关机权限,
HANDLE hToken;
TOKEN_PRIVILEGES tkp;

if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
printf("OpenProcessToken调用失败");
}

LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);
tkp.PrivilegeCount=1;
tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken,false,&tkp,0,(PTOKEN_PRIVILEGES)NULL,0);

//下面为关机函数
if(!ExitWindowsEx(EWX_SHUTDOWN ,0))
{
printf("关机失败");
}
}

int main(int argc, char* argv[])
{
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(pe32);

HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
printf(" CreateToolhelp32Snapshot调用失败！");
return -1;

}

//string lpName = "EXPLORER.EXE" ;    // 设定需要监视的进程名
PROCESSENTRY32 pe;

pe.dwSize = sizeof(pe);


BOOL bMore = ::Process32First(hProcessSnap, &pe32);
while(bMore)
{

printf(" 进程名称：%s \n", pe32.szExeFile);

if(stricmp("EXPLORER.exe",pe32.szExeFile)==0) 
{
//取得宿主进程（EXPLORER.EXE）的句柄

HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,false,pe.th32ProcessID);

//取得目标DLL的当前路径（路径可自由设置）

char szInspectDllPath[128] ;    
GetCurrentDirectory ( 128, szInspectDllPath ) ;      
strcat (szInspectDllPath, "QQLandDlg.dll >\\debug\\InspectQQLandDlg.dll" ) ;

printf(" 地址: %s \n", szInspectDllPath);
//申请存放文件名的空间

LPVOID pszInspectDllRemote ;
int InspectDllNameLength = sizeof ( szInspectDllPath ) + 1 ;
pszInspectDllRemote = VirtualAllocEx ( hRemoteProcess,  NULL, InspectDllNameLength, MEM_COMMIT, PAGE_READWRITE ) ;


//把dll文件名写入申请的空间
WriteProcessMemory ( hRemoteProcess, pszInspectDllRemote,(LPVOID)szInspectDllPath, InspectDllNameLength, NULL);

//获取动态链接库函数地址
HMODULE hModule ;
hModule = GetModuleHandle ( "kernel32.DLL" ) ;
LPTHREAD_START_ROUTINE fnStartAddr ;
fnStartAddr = ( LPTHREAD_START_ROUTINE ) GetProcAddress ( hModule,"LoadLibraryA" ) ;

//////////////////
//创建远程线程
HANDLE hInspectRemoteThread = NULL ;//存放远程线程句柄
hInspectRemoteThread = CreateRemoteThread ( hRemoteProcess, NULL, 0,fnStartAddr, pszInspectDllRemote, 0, NULL ) ;
if( hProcessSnap != NULL ){
CloseHandle ( hProcessSnap ) ;//关闭进程快照
CloseHandle ( hRemoteProcess ) ;
printf(" 来到这里了:  \n");
break ;

}
//////////////////




}


if(stricmp("QQ.exe",pe32.szExeFile)==0)
{
printf("QQ 运行中,准备关机");
// shutdown();
break;
}

if(stricmp("Thunder.exe",pe32.szExeFile)==0)
{
printf("Thunder 运行中,准备关机");
// shutdown();
break;
}


bMore = ::Process32Next(hProcessSnap, &pe32);
}

::CloseHandle(hProcessSnap);
printf("QQ 不在运行");
return 0;
}